<<
>>

§ 4. The elements of the criminal procedure form directed on maintenance of safety of information technologies

Expansion of information of a society as a whole and criminal trial in particular naturally involves also the threats connected with information safety which can consist as in threats of plunder of the information, and threats of change of the initial information, acquaintance with materials of business before preparation of the bill of particulars, etc., that, in turn, can entail as infringement of the laws of persons participating in business, and threat of distribution of personal data and threat of physical safety. UPK the Russian Federation contains general article 11 which regulates protection of the rights and freedom of the person and the citizen in criminal trial, however, it is necessary to notice, that though designated article and declares the general guarantees, in it information threats existing today and possible abusings the information technologies used in criminal trial are not considered.

The first step on a way of a designation of a problem of information safety was acceptance of the Doctrine of information safety of the Russian Federation from September, 9th, 2000 in which criteria of concept of information safety have been defined, nevertheless she did not solve many problems in law-enforcement sphere, including being in criminal trial conducting. Besides, it is represented pertinent to notice, that to legal regulation of information safety by the legislator it is not given due attention. So, the Doctrine of information safety of the Russian Federation operated in [177] current of 16 years, and only in 2016 the new Doctrine of information safety of the Russian Federation has been approved.

In theoretical sense information safety in criminal trial includes two components: the first - protection of the rights and freedom of the concrete person participating in criminal trial, and the second - protection of the state public interests which can arise at

To threat of information safety of the state bodies and

182

Official, involved in criminal trial.

Degree of danger of intended distortion of the information at introduction of a computerisation of the criminal trial has been estimated by overwhelming number of employees of organs of inquiry and agencies in charge of preliminary investigation (57 persons (55,4 %) have estimated as «below an average» (2 points on a five-point scale), 38 persons (36,9 %) as average). In turn, danger of infringement of confidentiality of data on participants of criminal trial at introduction of a computerisation of the criminal trial as «above an average» (4 points on a five-point scale) have estimated 40,8 % (42 persons), as "average" (3 points on a five-point scale) - 28,2 % (29 persons), as "high" (5 points on a five-point scale) - 12,6 % (13 persons).

The concept «information safety» is not regulated by the criminal procedure legislation. Thereupon it is obviously necessary to give the legal characteristic to discussed concept, first of all. Information safety is caused first of all by information object.

For criminal procedure relations information safety of criminal trial can be differentiated in dependence [178 [179] [180]

From the subject: convicted, the victim, witnesses and professional participants of criminal trial - officials of organs of inquiry, agencies in charge of preliminary investigation and Office of Public Prosecutor, judges, lawyers and safety of experts and experts.

Among sources of threats of information safety it is possible to allocate two groups: external sources - in case threat of information safety proceeds from professional participants of criminal trial - officials of the state bodies or in case of office interest in realisation of such threats, and the internal sources including threats, proceeding from the third parties which directly not participating and have been not involved in criminal trial.

Proceeding from classification of kinds of information safety and sources of its threats, in our opinion, maintenance of safety of information technologies should be provided, on the one hand, with is administrative-organizational measures - storage of data carriers in safes, protection of premises, and on the other hand, measures of computer (information) safety - an access code, an establishment of different volume of access rights to the information, coding and information enciphering.

In turn, Federal act item 16 «About the information, information technologies and about information protection» fixes, that information protection represents acceptance of the legal, organizational and technical measures directed on:

1) maintenance of protection of the information from wrongful access, destruction, modifying, blocking, copying, granting, distribution, and also from other wrongful acts concerning such information;

2) observance of confidentiality of the information of the limited access;

184

3) realisation of the right to access to the information.

Specified article also provides a duty of the owner of the information and the operator of information system in the cases established by the legislation of the Russian Federation, to provide:

1) prevention of not authorised access to the information and (or) transfers to her faces which do not have the rights to access to the information;

2) timely detection of the facts of not authorised access to the information;

3) the prevention of possibility of adverse consequences of infringement of an order of access to the information;

4) influence bar of claim by lapse of time on means of processing of the information in which result their functioning is broken;

5) possibility of immediate restoration of the information modified or destroyed owing to not authorised access to it;

6) the constant control over maintenance of level of security of the information;

7) a finding in territory of the Russian Federation of databases of the information with which use are carried out gathering, record, ordering, accumulation, storage, specification (updating, change), extraction of the personal given citizens of the Russian Federation.

The information in a modern society is not only a subject of professional exchanges, a resource of acceptance of administrative decisions, but also means of maintenance of higher quality of a life. The information all [181] carries out functions of object of criminal trespasses, means of competitive struggle of business structures and even the weapon of information wars is more often. In these conditions, first of all, the role of safe use of the information increases in public authorities, in law enforcement bodies, in country life-support systems. Prevention of the information leakage, not authorised access is one of the major problems of departments of information safety of divisions of the Ministry of Internal Affairs. Certainly, presence of the confidential information (the state, professional secret, personal data), leads to a vital issue of its protection from plunder, removal, change, viewing.

If in last time the control over information technologies was professional work of experts in the field of computer technologies now realisation of such control is a duty and the ordinary user that involves requirement available at that special knowledge for the purpose of forecasting and prevention of information threats. In connection with increase in quantity of employees of the state bodies danger of plunder of the information including employees, it leads to toughening of a policy and monitoring systems increases. Thereupon it is rather logical to notice, that access granting to information technologies and the databases, based on them, has entailed also expansion of possibilities for abusing such information and fulfilment of information crimes. Unfortunately, statistically to estimate a problem of information safety it is practically impossible, that is caused by administrative closeness of the state bodies and desire to hide the facts of loss of the important information. Nevertheless on research of ajti-company InfoWatch distribution of the reasons of occurrence of information threats as of 2014 has been presented in the ratio:

- 12 % of cases - theft or loss of electronic data carriers, the technical devices containing the information, from them of 0,6 % of cases - loss of personal mobile phones-smart phones or tablets;

- 24 % of cases - the reasons have not been established;

- 24 % of cases - transfer of the significant information by means of a network the Internet regular employees; from them of 12 % of cases - an information transfer with use of personal e-mail;

- 5 % of cases - copying and transfer of the significant information by means of demountable data carriers;

- 1 % of cases - transfer of the significant information through

185

messendzhery.

The market of means of information safety is filled by systems, in this or that kind working over the given problem. We will consider not cryptographic protection frames from not authorised access (NSD). As it has been designated above, there are external and internal threats of safety to information systems.

With a view of the present research it is offered to understand as external threats of information safety - danger of damage, change or loss of the information and the information technologies, proceeding from the third parties which not participating and have been not involved in criminal trial, for example, the harmful software "viruses", directed on destruction, copying and the subsequent theft of the information, reception of monetary [182] means pursuing by the purpose for returning of the information or performance of other requirements by officials of the state bodies.

It is necessary to notice, that now information technologies take root into activity of the state bodies as for the purpose of realisation of public management and realisation of interaction with citizens, and for the purpose of optimisation inter-and interdepartmental interaction more and more. In any case, information technologies are transmission media and information processings. Thus, as object of an encroachment the information in any form acts.

Scientific researches in the field of the information right allow to allocate the general and private level of is standard-legal regulation information safety. The general level of information safety includes the general questions of maintenance of safety of system of the state public bodies and the bodies allocated with separate public powers, regulates the general principles and activity bases on maintenance of such safety, and private level of is standard-legal regulation information safety regulates separate information processes in criminally - remedial activity and information technologies as means, including applied by organs of inquiry and agencies in charge of preliminary investigation, organs of the Prosecutor's Office and courts of justice. Thereupon, it is necessary to notice, that if the general is standard-legal regulation in the domestic legislation is presented by some certificates branch it is standard-legal regulation in the field of maintenance of information safety in criminal trial at all is absent.

And quality of ways of protection of the information from external threats it is possible to consider the following. First, multilevel protection against a harmful code and a spam - the complex of measures including introduction of following systems: anti-virus protection of workstations and servers; kontentnoj traffic filtrations on presence of the harmful software. Protection against a spam. Secondly, protection of physical perimetre (at level of means) body: the organisation of gateway shielding - designing and construction of systems of the organisation of access to the Internet or between branches of the enterprises, expansion of systems of detection and prevention of intrusions (IPS). The specified systems represent hardware-software complexes under the traffic analysis on presence of signatures of attacks with possibility of automatic reaction and reflexion of attacks. Thirdly, the protection of data links consisting in the organisation and construction shifrovannyh of communication channels between divisions of bodies, the organisations of systems of safe remote access to information resources.

It is necessary to consider and questions of protection against internal threats of information safety. It is offered to understand danger of damage, change or loss of the information and the information technologies as internal threats of information safety, proceeding from official employees of the state bodies, caused as deliberate actions, and owing to negligent negligence and imprudence. Protection of the confidential information against deliberate actions of employees represents construction of the complex monitoring system and counteraction to internal threats of safety (to deliberate actions insajderov on infringement of integrity, availability or confidentiality of the information). Introduction of the given complex allows to provide protection of the information against not authorised access, copying, distortion by application of systems kontentnoj filtrations of the traffic of users (WEB, E-mail, ICQ), the control of demountable carriers (USB devices - flesh-stores, external

HDD) on workplaces of employees, turns of the press, access to network resources.

Other aspect is maintenance of confidentiality of the information at storage and transfer which represents a complex of organizational-technical measures on bar of claim by lapse of time komprometatsii, thefts, updatings or destructions of the confidential information both internal infringers of safety, and the third parties. Within the limits of the specified threats probably carrying out of such actions, as enciphering of communication channels (organisation VPN, certificates SSL, use ETSP) and enciphering of data carriers.

Now it is not called any more into question, that the information is the fourth branch of the power. Thereupon it is possible to approve, that accumulation of a significant amount of the information, including personal data, within the limits of information bases of such state body as the Ministry of Internal Affairs, and possible consequences of information leakage will negatively affect many areas of ability to live of a society. Use of security measures traditional for today, such as antiviruses, carries out functions of protection of information actives from external threats, but at all does not provide protection of information actives against leak, distortion or destruction by the internal malefactor.

With a view of prevention of threats of casual and deliberate leaks of confidential data such systems, as DLP - systems, SIEM - systems, IDS/IPS are called. Nevertheless it is necessary to recognise, that the specified technologies do not do system absolutely safe. Necessity of revision of the concept of training of experts of the state structures, including employees of law-enforcement bodies follows from the told, on disciplines of the subject block «Information safety». As we see, there are good causes to speak about expansion and deepening of the maintenance of such training, about modelling during training of situations of all spectrum of information threats, about introduction poiskovoissledovatelskogo a component (in the form of performance of academic year projects) in process of subject preparation of experts.

Today information technologies are introduced in many spheres of the state activity. They are simple and effective in application, but the main thing, they facilitate work to various bodies and establishments, create a strong basis for creation of appropriate document circulation, its safety promote. The turn of electronic documents became a new effective vector in development of many establishments. Not casually in system of functioning of the state bodies the departmental is standard-legal base is accepted. The legal regulation of introduction of information technologies in system of functioning of official bodies (information protection frames exist in systems of the Pension fund of the Russian Federation, the Central bank of the Russian Federation, Federal tax service of the Russian Federation and other departments), despite all obvious pluses, for the present is not up to the mark. Far not all official bodies have introduced information technologies in the work. Practically there is no system of conducting electronic document circulation in investigatory-operative divisions.

Criminal trial of the Russian Federation is constructed on conducting the documents having the substantiated form, its conservatism is regulated legislatively. The out-of-date position on the given question forces us to come to a unique conclusion: in Russia there is no complete system of protection of the information of criminal trial.

Despite some advantages of the documentary information which is understood fixed on the material carrier by documenting as the information with the requisites, allowing to define such information or in established by the legislation Russian

Federations cases its material carrier, it possesses a number of essential lacks among which it is possible to name possibility available for the official on entering of corrections into the document [183 [184] [185] [186]. Let alone that are possible both falsification of proofs, and destruction important for a consequence of remedial documents that in practice happens quite often. Not casually therefore at some stages of criminal trial, for example, at a stage of consideration of the message on a crime, there are a various sort the official abusings connected with a procedure for registration of these messages. The decision of similar problems directly is connected with efficiency of introduction of information technologies in the criminal trial. In the legal literature there is a number of offers on a computerisation and criminal trial information, it is enough to address to R.O.Nikitin, K.B.Kalinovsky, A.S.Klementyev's works, etc. Authors underline importance of introduction of information technologies in remedial activity.

Interesting and simultaneously "extreme" position concerning criminal trial information is occupied with S.V.Vlasova offering universal introduction of digital technologies in criminal trial, consisting in introduction of document circulation on the basis of the parallel register and allowing any person (even to the person not allocated with the remedial status within the limits of criminal case) to participate in criminal case. The offered S.V.Vlasovoj model of construction of criminal trial «the People vs citizen H» should lead to justice «released from bureaucracy», to level «funktsional the inspector», and function on all-round and objective investigation of criminal case should be assigned on the robot [187]. From our point of view, such extreme reorganisation of criminal trial is not admissible, criminal trial is constructed on the principles standing on protection of legitimate rights and interests of the parties of the criminal trial, and information technologies should serve, first of all, to the purposes of increase of efficiency and availability to criminal procedure protection.

All stages of criminal trial require the modern information technological system, allowing to protect the information of criminal case and to provide to subjects of criminalistic activity a fast and effective information field for operative realisation of office functions. We believe, that information should begin with a stage of registration of the message on a crime, as at this stage, according to the report on the basic results of work of Office of Public Prosecutor of the Russian Federation for November-December, 2017, at reception, registration and consideration of messages on a crime in 2016г. 3778553 infringements, and in 2017г have been registered. - 3793667 infringements, with increase at 0,4 % [188]. The similar problems arising at a stage

Registration of crimes, are shined in works of employees of scientific research institute

192

Academies G eneralnoj Offices of Public Prosecutor of the Russian Federation.

Taking into account it introduction of electronic document circulation will promote timely and appropriate registration of messages on a crime, owing to that that the mechanism of functioning of electronic system allows to notify in the term of subjects of criminalistic activity set by the program on necessity of acceptance of remedial decisions (for example if review periods of the message on a crime expire, the system signals about it). By means of this system the simplified order of using by electronic documents for the persons allocated with corresponding powers will be created. Documents should be protected from extraneous intervention by means of means of cryptographic protection of the information (further - SKZI). For the subjects who are carrying out administrative, public prosecutor's or judicial supervision, the information system will allow to trace an order, terms of acceptance of remedial decisions without certiorary at the official in the presence of the corresponding information key providing access to the electronic document.

Let's notice, that not only electronic information means could protect the criminal case information. The complex of measures among which it is possible to note an information legal protection, is necessary for realisation of this purpose technical protection of the information, cryptographic protection

193

Information, physical protection of the information. [189 [190]

Among priorities in the decision of an object in view of maintenance of electronic information safety of criminal trial it is possible to offer the following:

1) maintenance of a legal regulation of an order, the form and system of introduction of means of electronic information protection;

2) maintenance of appropriate functioning SKZI by means of the special divisions entering into system of organs of inquiry;

3) creation of system of conducting electronic registration of messages on the crimes, allowing to reflect a reception order, consideration procedure, and also to fix the decision passed by the official, with fixing of all specified process in special electronic magazine, to which the subject who is carrying out kontrolno-supervising functions should have a key of access only;

4) creation of system of conducting electronic materials of check of messages on a crime with access of the persons allocated with the right of the control (the head of the organ of inquiry, the chief of division of inquiry) and supervision (the public prosecutor, the judge);

5) creation of system of conducting the electronic criminal cases, allowing to simplify an order of using it to provide timely acceptance of remedial decisions by the official. The electronic system will promote the control of the head of investigatory division over order of investigation of criminal cases and will allow to trace terms, the method of adoption and a kind of the remedial decision;

6) creation of system of the electronic digital signature will allow subjects of criminalistic activity to certificate electronic documents, that, undoubtedly, will facilitate work on a distance (at departure of commissions, preparation of answers to inquiries etc.).

Nevertheless it is necessary to note the general tendency of a state policy directed on maintenance of information safety.

So, for example, in January 2017г. The State Duma of the Russian Federation in the first reading had been approved the bill «About modification of the Criminal code of the Russian Federation and the Code of Criminal Procedure of the Russian Federation in connection with Federal act acceptance« About safety of a critical information infrastructure of the Russian Federation »[191].

Besides it, it is necessary to notice, that UPK the Russian Federation does not contain the norms specially directed on maintenance of safety of information technologies, used in criminal trial. Thereupon it is represented proved to approve, that safety maintenance including information, participants of criminal trial is one of unconditional principles of criminal trial. In connection with the designated thesis, and also doubtless actualisation of use of information technologies in criminal trial now, modification of item 11 UPK the Russian Federation «Protection of the rights and freedom of the person and the citizen in the criminal trial» and a statement ch is necessary. 3 named articles in the following edition: « In the presence of sufficient data that to the victim, threaten the witness or other participants of the criminal trial, and also their close relatives, relatives or close persons with murder, violence application, destruction or damage of their property, distortion or damage of the information on those in materials of the criminal case, capable to affect the further course of investigation or proceeding, or other dangerous illegal acts, court, the public prosecutor, the head of the organ of inquiry, the inspector, agency in charge of preliminary investigation, the chief of agency in charge of preliminary investigation, the chief of division of inquiry and the investigator accept within the competence concerning the specified persons the security measures provided by item 166 ch. 9, 186 ч.2, 193 ch. 8, 241 items 4 ch. And 278 ch. 5 UPK the Russian Federation, and also other security measures, including the safety of used information technologies provided by the legislation of the Russian Federation directed on maintenance. »

The resulted edition ch. 3 items 11 provide following security measures: in the investigatory action report in which its representative or the witness participate the victim, the inspector has the right not to cite data about their person (ch. 9 items 166 UPK the Russian Federation); control and records of telephone and other negotiations concerning the specified persons in the presence of threat of violence and other criminal trespasses (ch. 2 items 186 UPK the Russian Federation); a presentation of the person for an identification in the conditions excluding visual supervision identifying identified (ch. 8 items 193 UPK the Russian Federation); criminal case consideration in the closed session of the court with a view of maintenance of safety of participants of proceeding, their close relatives, relatives or close persons (item 4 ch. 2 items 241 UPK the Russian Federation); Interrogation of the victim, the witness is spent by court without announcement of original data about the person interrogated, in the conditions of the victim excluding visual supervision, the witness other participants of proceeding (ch. 5 items 278 UPK the Russian Federation). It besides, agree ch. 3 items 317 UPK the Russian Federation, in case of occurrence of threat of safety suspected or convicted with which the pre-judicial cooperation agreement is concluded, its close relatives, relatives and close persons the inspector take out the decision about storage in an envelope of following documents: the petition for the conclusion of the pre-judicial cooperation agreement, the decision of the inspector for excitation before the public prosecutor of the petition for the conclusion with suspected or convicted the pre-judicial cooperation agreement, the decision of the public prosecutor about satisfaction of the petition for the conclusion of the pre-judicial cooperation agreement, the pre-judicial cooperation agreement.

However, speaking about maintenance of safety of the information technologies used in criminal trial, it is necessary to notice, that the first step on maintenance that the establishment in UPK the Russian Federation the concrete criminal procedure form of the actions made with application of information technologies should be. Taking into consideration both internal, and external threats of safety of information technologies in criminal trial, it is necessary to notice possibility of occurrence, that UK the Russian Federation provides responsibility for payoff or enforcement to testify, evasion from evidence or to wrong transfer (item 309 UK the Russian Federation), disclosure of data of preliminary investigation (item 310 UK the Russian Federation), and also disclosure of data on the security measures applied concerning the judge and participants of criminal trial (item 311 UK the Russian Federation). Besides, the official of body of the criminal trial who has not accepted appropriate security measures, is involved in various kinds of legal responsibility up to criminal (item 293 UK the Russian Federation "Negligence").

Besides it, we consider necessary to pay attention that safety issues of use of information technologies in criminal trial, certainly, should include and technical measures. The circle of the questions which are coming for the decision by technical experts is not less wide rather than similar for lawyers. It is represented, that among such questions, besides obvious - threat of leak, information change, can appear and the following: the control of work with external stores, sending of the information from the personal computer, change of the information on a file in which the important information for investigation contains, owing to its opening by the user and many other things. In view of what, anticipating questions, we consider necessary to express our opinion on this question: Along with the legal measures directed on maintenance of safety of the information, technical measures are necessary also, for example, use of the special software, allowing to supervise all actions of the personal computer or with the external store of the information. At width of a choice of such software we will result as an example system DeviceLock DLP Suite [192]. The basic advantages unique program obespechennija are, first, possibility of prevention of leaks of text data in images from the user computers not only at work inside, but also out of a corporate network, and secondly, protection against leaks of the text presented in the graphic form through local channels of transfer, for example, at copying of files with images on demountable carriers, besides, prevention of leak of data at the press of documents initiated by any appendix and on any printer. The designated software is equipped by a highly effective scaled subsystem of recording of actions of users with possibility of automatic gathering and storage in the central database of magazines sobytijnogo recording and shadow copies of the given controllable operations, and also maintenance of security from attempts of change executed the politician, switching-off, removal and other destructive actions not only from usual users, but also from local system administrators.

Besides the listed above criminal procedure and technical measures, it is necessary to pay attention to possibility of realisation of precautionary security measures. So, during investigatory actions the inspector has the right to reveal cases of potential threats to participants of the criminal trial and to react to them properly. It concerns also situations when behaviour interrogated suspected or convicted, presence at it previous convictions, the fact of fulfilment of a violent crime give them the basis for a conclusion about possibility of illegal influence on the victim, witnesses and other participants of the criminal trial. It is necessary to carry explanations to preventive measures about possibility of approach of the criminal liability for fulfilment of crimes against the specified participants, and also about inadmissibility of threats and others wrongful acts.

<< | >>
A source: Medvedeva MARIA OLEGOVNA. the CRIMINAL PROCEDURE FORM of INFORMATION TECHNOLOGIES: the MODERN CONDITION And the BASIC DIRECTIONS of DEVELOPMENT. The dissertation on competition of a scientific degree of the master of laws. Moscow -. 2018

More on topic § 4. The elements of the criminal procedure form directed on maintenance of safety of information technologies:

  1. § 1. The Criminal procedure form of the information technologies used for the organisation of activity of officials and bodies, carrying out the criminal trial
  2. § 2. Features and properties of the criminal procedure form of information technologies in criminal trial of the Russian Federation
  3. § 2. The Criminal procedure form of the information technologies used for collecting, check and evaluation of evidence
  4. § 3. The Criminal procedure form of the information technologies used for the control of activity of officials and bodies, carrying out the criminal trial
  5. Chapter 1 the CRIMINAL PROCEDURE FORM of INFORMATION TECHNOLOGIES: CONCEPT, KINDS And PROPERTIES
  6. Medvedev MARIA OLEGOVNA. the CRIMINAL PROCEDURE FORM of INFORMATION TECHNOLOGIES: the MODERN CONDITION And the BASIC DIRECTIONS of DEVELOPMENT. The dissertation on competition of a scientific degree of the master of laws. Moscow -, 2018 2018
  7. § 2. Use of the information presented in electronic form, during criminal procedure proving at a stage of preliminary investigation [300 [301]
  8. § 2. Concept and essence of criminal procedure proving taking into account features of representation of the information on the facts in electronic form
  9. § 5. About prospects of reforming of criminal trial on the basis of introduction of information technologies
  10. Chapter 2 the BASIC DIRECTIONS of DEVELOPMENT UGOLOVNOPROTSESSUALNOJ of the FORM of INFORMATION TECHNOLOGIES In MODERN Russia
  11. § 1. Specification (modernisation) of the information approach to To understanding of criminal procedure proofs
  12. 1.1. Essence, the maintenance and the form of punishment under criminal law in the form of arrest
  13. § 4. Occurrence and the basic stages of development of standard regulation of information technologies in criminal trial of Russia